Executive Summary
The goal of the Global Cyber Security Capacity Centre (Capacity Centre) is to increase the scale and
effectiveness of cybersecurity capacity-building, both within the UK and internationally, by gaining a
more comprehensive and nuanced understanding of the cybersecurity capacity landscape. It is our
aim to ensure that the knowledge and research collected and produced by the Capacity Centre can
assist nations in improving their cybersecurity capacity in a systematic and substantive way. By helping
understand national cybersecurity capacity, the Capacity Centre hopes to help promote an innovative
cyberspace in support of well-being, human rights and prosperity for all.
In order to achieve this aim, the Capacity Centre developed its prototype National Cybersecurity
Capacity Maturity Model (CMM) in 2014, and deployed it in 2015 during 11 national cybersecurity capacity
reviews, as well as a regional assessment of the Latin American and Caribbean Region (led by the
Organization of American States in collaboration with the Inter-American Development Bank). The
reviews were conducted alongside several international organisations and leading ministries, and
convened stakeholders from across all sectors of society in order to gain a comprehensive
understanding of the maturity of the nation's cybersecurity capacity. During the reviews, the Capacity
Centre was able to gauge whether the content of the CMM is consistent with the cybersecurity capacity
landscape, as well as determine ways to enhance the overall content, structure and deployment of
the CMM through lessons learnt.
Therefore, the Capacity Centre has developed a revised edition of the CMM, based on the lessons
learnt through the deployment of the model. The Capacity Centre proposed a series of modifications
based on the lessons learnt to a panel of cybersecurity experts from various disciplines. These expert
consultations confirmed several proposed amendments, and produced additional inputs for
consideration in the revision of the CMM. Once the amended content was curated by senior
academics leading the development of the respective cybersecurity capacity dimensions, the revised
edition of the CMM was produced.
Most of the alterations that have been made in the revised edition of the CMM are structural rather
than substantial. Certain factors and aspects have been combined or reconfigured to improve the
clarity and precision of the model as a whole, while ensuring the continuity of the content. For
example, in Dimension 3, several review participants expressed confusion regarding the differences
between factors, which resulted in a reconfiguration of this dimension in order to more clearly
communicate the intention of each factor. Other revisions, such as adding factors to certain
dimensions, were made to ensure the essence of the cybersecurity capacity dimensions is more
accurately reflected. In Dimension 5, in particular, several new factors were added so that the focus
of the dimension is drawn toward technical standards, controls and products rather than the existing
ambiguous scope. Finally, some factors were added as a direct result of feedback from the various
country reviews, such as the addition of a factor on the role of media in Dimension 2 and a factor on
international cooperation in Dimension 4.
This effort to enhance the content of the CMM is not intended to be a static exercise. As the Capacity
Centre continues to deploy the model across the world, new lessons will be learnt that can be used to
further enhance the CMM. Our aim is to ensure the CMM remains applicable to all national contexts
and reflects the global state of cybersecurity capacity maturity.